CVE-2025-48343
Aaron Axelsen · WPMU Ldap Authentication
Executive summary
A high-severity Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows for Stored XSS, posing a risk of administrative account compromise.
Vulnerability
The plugin is susceptible to a Cross-Site Request Forgery (CSRF) attack. An unauthenticated attacker can craft a malicious request that, when executed by an authenticated administrator's browser, injects a persistent malicious script (Stored XSS) into the plugin's configuration or related settings.
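The class of defect described above, as an added illustration that is not the plugin's own code: a WordPress settings handler that accepts any POST without a nonce or capability check and later echoes the stored value unescaped, placed next to a hardened version. The option name, form field, and `admin_post` action name are assumed placeholders; the WordPress API functions (`check_admin_referer`, `wp_nonce_field`, `current_user_can`, `sanitize_text_field`, `esc_attr`) are real.

```php
<?php
/*
 * Illustrative pattern only; not the WPMU Ldap Authentication plugin's code.
 * Option name, form field and admin_post action are assumed placeholders.
 */

// ---- Vulnerable pattern: no nonce, no capability check, no sanitisation ----
// A form submitted from a third-party page by a logged-in admin's browser is
// accepted as-is, and the stored value is later printed without escaping.
function example_ldap_save_settings_vulnerable() {
    if ( isset( $_POST['ldap_server'] ) ) {
        update_option( 'example_ldap_server', $_POST['ldap_server'] ); // raw input stored
    }
}
function example_ldap_render_field_vulnerable() {
    $server = get_option( 'example_ldap_server', '' );
    echo '<input name="ldap_server" value="' . $server . '">'; // unescaped: stored XSS
}

// ---- Hardened pattern ----
// 1. The form carries a nonce bound to one action and the current user.
function example_ldap_render_form() {
    $server = get_option( 'example_ldap_server', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_ldap_save">';
    wp_nonce_field( 'example_ldap_save', '_example_ldap_nonce' );
    // 2. Stored values are escaped for the attribute context on output.
    echo '<input name="ldap_server" value="' . esc_attr( $server ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// 3. The handler checks the capability (least privilege), verifies the nonce
//    (defeats CSRF) and sanitises the input before it is stored.
function example_ldap_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_ldap_save', '_example_ldap_nonce' ); // dies on a missing or bad nonce

    $server = isset( $_POST['ldap_server'] )
        ? sanitize_text_field( wp_unslash( $_POST['ldap_server'] ) )
        : '';
    update_option( 'example_ldap_server', $server );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_example_ldap_save', 'example_ldap_save_settings' );
```

The nonce check alone closes the CSRF path; the output escaping is what prevents a value that does reach the database (through any route) from becoming a stored script. Both belong in the fix, since each addresses a different link in the chain.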
Business impact
This vulnerability is rated High severity with a CVSS score of 7.1. A successful exploit could allow an attacker to execute scripts within an administrator's session, potentially leading to the theft of session cookies, modification of LDAP settings, or creation of unauthorized admin accounts. This could result in a complete compromise of the website's authentication system.
Remediation
Immediate Action: The primary remediation is to update the WPMU Ldap Authentication plugin to the latest patched version as soon as possible.
Proactive Monitoring: Regularly audit plugin configurations for unauthorized changes. Monitor administrative logs for suspicious activity, especially related to user authentication settings.
Compensating Controls: Deploying a Web Application Firewall (WAF) with up-to-date rules against CSRF and XSS attacks can provide an effective, immediate layer of defense.
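One way to implement the "Proactive Monitoring" item, as an added example that is not part of the advisory or the plugin: a small must-use plugin that records who changed which authentication-related option, and from where, using WordPress's `update_option_{$option}` and `update_site_option_{$option}` actions (both real hooks). The option names are assumed placeholders; substitute the plugin's actual option keys.

```php
<?php
/*
 * Added example, not the plugin's code. Logs changes to LDAP-related options
 * so an unauthorised settings change (for instance one riding on an admin's
 * session via CSRF) leaves a record. Option names below are placeholders.
 */

$example_watched_options = array( 'example_ldap_server', 'example_ldap_base_dn' );

function example_ldap_audit_entry( $option, $old_value, $value ) {
    if ( $old_value === $value ) {
        return; // no actual change
    }
    $user  = wp_get_current_user();
    $entry = array(
        'ts'      => gmdate( 'c' ),
        'option'  => $option,
        'user_id' => (int) $user->ID,
        'login'   => $user->user_login,
        'ip'      => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
        // A referer from a foreign origin on a settings change is worth alerting on.
        'referer' => isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '',
        'old'     => $old_value,
        'new'     => $value,
    );
    error_log( 'ldap-settings-audit ' . wp_json_encode( $entry ) );
}

// update_option_{$option} passes ( $old_value, $value, $option ).
function example_ldap_on_option_update( $old_value, $value, $option ) {
    example_ldap_audit_entry( $option, $old_value, $value );
}

// update_site_option_{$option} (multisite, as WPMU-era plugins use) passes
// ( $option, $value, $old_value, $network_id ): note the different order.
function example_ldap_on_site_option_update( $option, $value, $old_value ) {
    example_ldap_audit_entry( $option, $old_value, $value );
}

foreach ( $example_watched_options as $opt ) {
    add_action( "update_option_{$opt}", 'example_ldap_on_option_update', 10, 3 );
    add_action( "update_site_option_{$opt}", 'example_ldap_on_site_option_update', 10, 3 );
}
```

Ship the log lines to whatever collects the web server's error log, and alert on any change to these options that is not tied to a planned configuration window; the user, IP, and referer fields give the responder enough to tell an operator's edit from a change made through a hijacked session.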
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a significant threat to the security of the website's user management and authentication. The High severity rating requires an urgent response. Administrators must prioritize applying the vendor-supplied update to prevent attackers from compromising the site.